2 Commits

Author SHA1 Message Date
Eric Fried
9519601401 Get auth from context for glance endpoint
Change the Adapter loading for glance to use the auth from the user
context instead of exposing and requiring it in the conf.  With this
change, it is possible to leave the [glance] conf section empty and
still be able to discover the image API endpoint from the service
catalog.

Note that, when we do this, we often end up with the user auth being a
_ContextAuthPlugin, which doesn't conform to the characteristics of
keystoneauth1.identity.base.BaseIdentityPlugin as augmented in
keystoneauth1 3.1.0.  This requires a series of workarounds until bug
1709118 is fixed.  These, along with workarounds for bugs 1707993 and
1707995, are subsumed with this change set in a (hopefully temporary)
helper method nova.utils.get_endpoint.

This lays the foundation for other services that should use user
context for authentication - those via which Nova is acting on behalf
of the user, i.e. cinder, keystone, and (sometimes) neutron[1].
(Services such as placement and ironic (and sometimes neutron) should
continue to use admin auth context loaded from the conf.)

[1] bb4faf40df/nova/network/neutronv2/api.py (L149-L160)

Co-Authored-By: Eric Fried <efried@us.ibm.com>
Partial-Implements: bp use-ksa-adapter-for-endpoints
Change-Id: I4e755b9c66ec8bc3af0393e81cffd91c56064717
2017-11-21 10:26:42 -06:00
Eric Fried
0a8f019be0 nova.utils.get_ksa_adapter()
Provide a new method:

nova.utils.get_ksa_adapter(service_type, ks_auth=None, ks_session=None,
                           min_version=None, max_version=None))

...to configure a keystoneauth1 Adapter for a service.  The Adapter, and
its component keystoneauth1 artifacts not passed into the method, are
loaded based on options in the conf group corresponding to the specified
service_type.

The ultimate goal is to replace the various disparate mechanisms used by
different services to do endpoint URL and version discovery.  In Queens,
the original mechanisms will still take precedence, but (other than
[glance]api_servers - see the spec) will be deprecated.  In Rocky, the
deprecated options will be removed.

This change incorporates the above utility into endpoint discovery for
glance and ironic.  Future change sets will do the same for other
services (cinder, neutron, placement).

Change-Id: If625411f40be0ba642baeb02950f568f43673655
Partial-Implements: bp use-ksa-adapter-for-endpoints
Closes-Bug: #1707860
2017-10-09 08:24:40 -05:00